WHAT IS CLAIMED IS: 



1 1 . A method for controlling routing of data comprising: 

2 determining at least one data flow is active, the at least one data flow having 

3 an ingress portion of a current ingress path to a first point from a second point and an egress 

4 portion of a current egress path to the second point from the first point; and 

5 routing another data flow via a next ingress portion of a next path to the first 

6 point from the second point. 

1 2. The method of claim 1 , further comprising: 

2 preserving the current ingress portion for the at least one active data flow after 

3 the another data flow is routed via the next ingress portion. 

1 3 . The method of claim 2, wherein preserving the current ingress portion 

y>, 2 comprises: 

^ 3 forming a current ingress association of the at least one active data flow with 

J5 4 the current ingress portion; and 

% 5 routing data via the current ingress portion in accordance to the current ingress 

O 6 association. 

! . l 4. The method of claim 2, further comprising: 

fy 2 extinguishing the preservation of the current ingress portion when the at least 

3 one data flow is inactive such that the current ingress portion is not available to route data. 



1 5. The method of claim 3, wherein forming the current ingress 

2 association comprises: 

3 identifying the at least one active data flow with at least one remote 

4 destination address related to the second point; 

5 identifying the current ingress portion with a first local network address 

6 related to a local source address; 

7 associating the at least one remote destination address with the first local 

8 network address; and 

9 storing data representing the association between the at least one remote 

10 destination address with the first local network address in a data structure within a database. 



(00050599vl} 
70 



1 6. The method of claim 5, wherein the current ingress path is defined by a 

2 unique, specific remote destination address (/32). 

1 7. The method of claim 5, wherein the database is an information base. 

1 8. The method of claim 1, wherein determining at least one data flow of a 

2 current path is active comprises performing stateful inspection of the at least one flow. 

1 9. The method of claim 8, wherein performing stateful inspection of the 

2 at least one flow comprises: 

3 examining at least one TCP session-related characteristic; and 

4 using the at least one TCP session-related characteristic to determine that the 

5 at least one active flow is active. 

a 1 10. The method of claim 1 , wherein routing the another data flow via the 

^ 2 next ingress portion comprises: 

" 3 forming a next ingress association of the another data flow with the next 

3 4 ingress portion; and 

5 routing data via the next ingress portion in accordance to the next ingress 

6 association. 

1 11. The method of claim 10, wherein forming the next ingress association 

2 comprises: 

3 identifying the another data flow with at least one remote destination address 

4 related to the second point; 

5 identifying the next ingress portion with a second local network address 

6 related to a local source address; 

7 associating the at least one remote destination address with the second local 

8 network address; and 

9 storing data representing the association between the at least one remote 

10 destination address with the second local network address in a data structure within a 

1 1 database. 

1 12. The method of claim 1 1 , further comprising translating a first local 

2 network address into the second local network address. 
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1 13. The method of claim 1 1 , wherein the at least one remote destination 

2 addresses is defined by a super-set or a group of remote destination addresses (/24). 

1 14. The method of claim 1 , further comprising: 

2 routing the another data flow via a next egress portion of a next egress path to 

3 the second point from the first point. 

1 15. The method of claim 14, further comprising: 

2 preserving the current egress portion for the at least one active data flow after 

3 the another data flow is routed via the next egress portion. 

1 16. The method of claim 1 5, wherein preserving the current egress portion 

2 comprises: 

3 forming a current egress association of the at least one active data flow with 

4 the current egress portion; and 

5 routing data via the current egress portion in accordance to the current egress 

6 association. 

1 17. The method of claim 15, further comprising: 

2 extinguishing the preservation of the current egress portion when the at least 

3 one data flow is inactive such that the current egress portion is not available to route data. 

1 18. The method of claim 1 6, wherein forming the current egress 

2 association comprises: 

3 identifying the at least one active data flow with at least one remote 

4 destination address related to the second point; 

5 identifying the current egress portion with a first interface; 

6 associating the at least one remote destination address with the first interface; 

7 and 

8 storing data representing the association between the at least one remote 

9 destination address in a data structure within a database. 

1 19. The method of claim 1 8, wherein the first interface is a physical 

2 interface. 
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interface. 



20. 



The method of claim 18, wherein the first interface is a virtual 



tl 



3 ; 



1 21. The method of claim 1 8, wherein the database is an information base. 

1 22. The method of claim 14, wherein routing the another data flow via the 

2 next egress portion comprises: 

3 forming a next egress association of the another data flow with the next egress 

4 portion; and 

5 routing data via the next egress portion in accordance to the next egress 

6 association. 

1 23 . The method of claim 22, wherein forming the next egress association 

2 comprises: 

3 identifying the another data flow with at least one remote destination address 

4 related to the second point; 

5 identifying the next egress portion with a second interface; 

6 associating the at least one remote destination address with the second 

7 interface; and 

8 storing data representing the association between the at least one remote 

9 destination address with the second interface in a data structure within a database. 

1 24. A system for controlling routing of data through one or more data 

2 networks, the system comprising: 

3 a flow inspector designed to receive local network data traffic from or to a 

4 local source address, the flow inspector configured to determine that at least one data flow of 

5 the local network traffic is active; 

6 an information base coupled to the flow inspector to receive data representing 

7 one or more flows that are active, the information base configured to provide a current 

8 ingress portion of a current ingress path for the at least one active flow from a second point to 

9 first point; and 

1 0 a data director coupled to the information base to receive the local network 

1 1 data traffic and data representing a next ingress portion of a next ingress path, the data 

12 director configured to route data via the current ingress portion for active flows and to route 

1 3 data via the next ingress portion for next data flows. 
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25. The system of claim 24, further comprising a controller configured to 
provide a route change including the next ingress portion. 



2 
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26. The system of claim 25, further comprising a controller configured to 
provide the next ingress portion to the data director. 



2 



1 



27. The system of claim 25, further comprising a controller configured to 
provide the next ingress portion to the information base. 



2 



1 



28. The system of claim 25, wherein the information base is a network 
address information base (NIB). 



1 



29. The system of claim 28, further comprising a network address 



2 translation (NAT) engine coupled to the network address information base to receive 

3 information, the network address translation engine configured to route data via the current 

4 ingress portion for active flows to the first point from the second point and to route data via 

5 the next ingress portion for next data flows to the first point from the second point, where the 

6 next ingress portion is associated with an address translated by the network address 

7 translation engine. 

1 30. The system of claim 29, wherein the network translation engine is 

2 further configured to route data such that the active data flow routed from the first point to 

3 the second point returns to the first point via the current ingress portion and the next data 

4 flow route from the first point to the second point returns to the first point via the next ingress 

5 portion. 

1 31. The system of claim 29, wherein the current ingress portion and the 

2 next ingress portion is associated with a first data network and a second data network, 

3 respectively, of a plurality of data networks. 

1 32. The system of claim 24, wherein 

2 the information base is further configured to provide a current egress portion 

3 of a current egress path to the second point from the first point; and 

4 the data director is further coupled to the information base to receive data 

5 representing a next egress portion of a next egress path, the data director configured to route 
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6 data via the current egress portion for active flows and to route data via the next egress 

7 portion for next data flows. 

1 33 . The system of claim 32, further comprising a controller configured to 

2 provide a route change including the next egress portion. 

1 34. The system of claim 32, further comprising a controller configured to 

2 provide the next egress portion to the data director. 

1 3 5 . The system of claim 32, further comprising a controller configured to 

2 provide the next egress portion to the information base. 

1 36. The system of claim 32, wherein the information base includes a 

2 forwarding information base (FIB). 

1 37. The system of claim 32, further comprising a forwarding engine 

2 coupled to the forwarding information base to receive information, the forwarding engine 

3 configured to route data via the current egress portion for active flows to the second point 

4 from the first point and to route data via the next egress portion for next data flows to the 

5 second point from the first point. 

1 38. The system of claim 37, wherein the forwarding engine associates a 

2 first virtual local access network (VLAN) tag to active data flows from the first point to the 

3 second point, where the first VLAN tag is associated with the current egress portion, and 

4 associates a second VLAN tag to next data flows from the first point to the second point 

5 where the second VLAN tag is associated with the next egress portion. 

1 39. The system of claim 3 8, further comprising at least one network device 

2 coupled to the forwarding engine to receive the active data flows and the next data flows, the 

3 at least one network device having two or more virtual router facilities ("VRFs"), each of the 

4 two or more VRFs is coupled to a data network, 

5 wherein, the at least one network device routes the active data flows to one 

6 data network and routes the next data flows to another data network according to the first 

7 VLAN and the second VLAN tags, respectively. 

1 40. The system of claim 32, wherein the information base includes a 

2 routing information base (RIB). 
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1 41. The system of claim 40, further comprising a routing engine coupled to 

2 the routing information base to receive information, the routing engine configured to route 

3 data via the current egress portion for active flows to the second point from the first point and 

4 to route data via the next egress portion for next data flows to the second point from the first 

5 point. 

1 42. The system of claim 4 1 , wherein the routing engine associates a first 

2 physical interface to active data flows to the second point from the first point, where the first 

3 physical interface is associated with the current egress portion, and associates a second 

4 physical interface to next data flows to the second point from the first point where the second 

5 physical interface is associated with the next egress portion. 



1 43 . The system of claim 4 1 , further comprising at least one network device 

2 coupled to the routing engine to receive the active data flows and the next data flows, the at 

3 least one network device having two or more egress gateways, each of the two or more egress 

4 gateways is coupled to a data network, 

5 wherein, the at least one network device routes the active data flows to one 

6 data network and routes the next data flows to another data network according to the first 

7 physical and the second physical interfaces, respectively. 

1 44. A system for controlling routing of data through one or more data 

2 networks, the system comprising: 

3 a flow inspector designed to receive local network data traffic from or to a 

4 local source address, the flow inspector configured to determine that at least one data flow of 

5 the local network traffic is active; 

6 an information base coupled to the flow inspector to receive data representing 

7 one or more flows that are active, the information base configured to provide a current egress 

8 portion of a current egress path to a second point to from a first point; and 

9 a data director coupled to the information base designed to receive the local 

10 network data traffic and data representing a next egress portion of a next egress path, the data 

1 1 director configured to route data via the current egress portion for active flows and to route 

1 2 data via the next egress portion for next data flows. 

1 45 . The system of claim 44, wherein the information base includes a 

2 forwarding information base (FIB). 
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46. The system of claim 45, further comprising a forwarding engine 
coupled to the forwarding information base to receive information, the forwarding engine 
configured to route data via the current egress portion for active flows to the second point 
from the first point and to route data via the next egress portion for next data flows to the 
second point from the first point. 

47. The system of claim 46, wherein the forwarding engine associates a 
first virtual local access network (VLAN) tag to active data flows from the first point to the 
second point, where the first VLAN tag is associated with the current egress portion, and 
associates a second VLAN tag to next data flows from the first point to the second point 
where the second VLAN tag is associated with the next egress portion. 

48. The system of claim 47, further comprising at least one network device 
coupled to the forwarding engine to receive the active data flows and the next data flows, the 
at least one network device having two or more virtual router facilities ("VRFs"), each of the 
two or more VRFs is coupled to another network device, where the another network device is 
coupled to a data network, 

wherein, the at least one network device routes the active data flows to a first 
another network device and routes the next data flows to a second another network device 
according to the first VLAN and the second VLAN tags, respectively. 

49. The system of claim 48, wherein the first another and the second 
another network device each further comprises: 

a network address translation (NAT) engine, the network address translation 
engine configured to route data via a current ingress portion for active flows to the first point 
from the second point and to route data via a next ingress portion for next data flows to the 
first point from the second point, where the next ingress portion is associated with an address 
translated by the network address translation engine. 

50. A router for controlling routing of data to a remote destination address 
from a local source address in a local source network, the local source network is 
multi-homed and is coupled to two or more first level data networks, the router comprising: 

a flow inspector designed to receive local network data traffic from a local 
source address, the flow inspector configured to determine that at least one data flow of the 
local network traffic is active; 
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an information base comprising: 
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a network address translation lniormaiion oase connguicu iu piuviuc a 
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current ingress portion 01 a cunent ingress pain 101 uic ai icabi unc dtuvc uata iww tw 




10 


the local source address from the remote destination address, 




11 


a forwarding information base, configured to provide a current egress 




12 


portion oi a current egress pain ior me ai leasi unc dtuvo uaia uuw iu mc ivmuu/ 




13 


destination address from the local source address, 




14 


each of the miormation bases coupled to tne now inspector to receive 




15 


data representing one or more flows that are active; and 




16 


a data director comprising: 




17 


a network address translation engine coupieu xo tne neiworK aaaress 




18 


translation information base designed to receive tne local networK aaxa trainc ana aaia 




19 


representing a next ingress portion of a next ingress path, and 




20 


a forwarding engine coupled to the forwarding information base to 


^™ 


21 


receive the local network data traffic and data representing a next egress portion of the 


■J5 — 
■assK, 


22 


next egress path, 




23 


wherein, the network address translation engine is designed to route 


n ii 


24 


the active flows to the remote destination address via a first multi-homed first level 




25 


data network, where the ingress path for the active flow includes a second multi- 




26 


homed first level data network, the network address translation engine is designed 




27 


further to route the next flows to the remote destination address via the first multi- 




28 


homed first level data network, where the ingress path for the next flow includes a 




29 


third multi-homed first level data network, and 




30 


wherein, the forwarding engine is designed to route the active flows to 




31 


the remote destination address via one multi-homed first level data network including 




32 


the egress path for the active flow and is designed further to route next flows to the 




33 


remote destination address via another multi-homed first level data network including 




34 


the egress path for the next flow. 




1 


51. A method for controlling routing of data comprising: 




2 


determining at least one data flow is active, the at least one data flow having 




3 


an ingress portion of a current ingress path to a first point from a second point and an egress 




4 


portion of a current egress path to the second point from the first point; 
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5 routing another data flow via a next ingress portion of a next path to the first 

6 point from the second point; 

7 preserving the current ingress portion for the at least one active data flow after 

8 the another data flow is routed via the next ingress portion, where preserving the current 

9 ingress portion includes: 

10 forming a current ingress association of the at least one active data 

1 1 flow with the current ingress portion, and 

\2 routing data via the current ingress portion in accordance to the current 

13 ingress association, 

14 extinguishing the preservation of the current ingress portion when the at least 

1 5 one data flow is inactive such that the current ingress portion is not available to route data; 

1 g routing the another data flow via a next egress portion of a next egress path to 

1 7 the second point from the first point; 

^ 1 8 preserving the current egress portion for the at least one active data flow after 

p 19 the another data flow is routed via the next egress portion, where preserving the current 

20 egress portion includes: 

v0 21 forming a current egress association of the at least one active data flow 

J! 22 with the current egress portion, and 

s 23 routing data via the current egress portion in accordance to the current 

k ii 24 egress association; and 

[0 25 extinguishing the preservation of the current egress portion when the at least 

D 26 one data flow is inactive such that the current egress portion is not available to route data. 

1 



{00050599vl} 
79 



